[Secure-testing-commits] r13332 - data/CVE

Raphael Geissert geissert at alioth.debian.org
Fri Nov 20 22:56:26 UTC 2009 

Author: geissert
Date: 2009-11-20 22:56:26 +0000 (Fri, 20 Nov 2009)
New Revision: 13332

Modified:
   data/CVE/list
Log:
new linux and xulrunner issues, 2 NFUs, one linux issue CVEified


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-11-20 21:14:22 UTC (rev 13331)
+++ data/CVE/list	2009-11-20 22:56:26 UTC (rev 13332)
@@ -21,9 +21,9 @@
 CVE-2009-4006 (Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft ...)
 	TODO: check
 CVE-2009-4005 (The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the ...)
+	- linux-2.6 <unfixed>
+	- linux-2.6.24 <removed>
 	TODO: check
-CVE-2009-4004 (Buffer overflow in the kvm_vcpu_ioctl_x86_setup_mce function in ...)
-	TODO: check
 CVE-2009-4003
 	RESERVED
 CVE-2009-4002
@@ -75,6 +75,7 @@
 CVE-2009-3979
 	RESERVED
 CVE-2009-3978 (The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp ...)
+	- xulrunner <unfixed>
 	TODO: check
 CVE-2009-3977 (Multiple buffer overflows in a certain ActiveX control in ...)
 	TODO: check
@@ -181,7 +182,7 @@
 CVE-2009-3939 (The poll_mode_io file for the megaraid_sas driver in the Linux kernel ...)
 	- linux-2.6 <unfixed> (low)
 	- linux-2.6.24 <removed> (low)
-CVE-2009-XXXX [kernel memory corruption in kvm_vcpu_ioctl_x86_setup_mce]
+CVE-2009-4004 [kernel memory corruption in kvm_vcpu_ioctl_x86_setup_mce]
 	- linux-2.6 <unfixed>
 	[etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25)
 	- linux-2.6.24 <not-affected> (kvm introduced in 2.6.25)
@@ -403,9 +404,9 @@
 CVE-2009-3842
 	RESERVED
 CVE-2009-3841 (Unspecified vulnerability in HP Discovery &amp; Dependency Mapping ...)
-	TODO: check
+	NOT-FOR-US: HP Discovery & Dependency Mapping
 CVE-2009-3840 (The embedded database engine service (aka ovdbrun.exe) in HP OpenView ...)
-	TODO: check
+	NOT-FOR-US: HP OpenView
 CVE-2009-3839 (Unspecified vulnerability in the Solaris Trusted Extensions Policy ...)
 	NOT-FOR-US: Sun Solaris
 CVE-2009-3838 (Stack-based buffer overflow in Pegasus Mail (PMail) 4.41 and possibly ...)

More information about the Secure-testing-commits mailing list